File Trajectory and history

Hello everyone,

Does anyone know if SmartEvent is able to show the file history and trajectory of a file across an enterprise?

An example would be a file that was first seen 1 month ago in several gateways and/or endpoints, indicating attack vectors (SMTP, FTP, HTTP, etc.) and properties of said file (size, hash, filename and extension, etc.).

Then later, if the file is flagged as malicious and seen again on a gateway or endpoint, one could go to a SmartEvent report or view, search for a file by MD5 or filename, and confirm which endpoints received that file and what the attack vector was.

Re: File Trajectory and history

Hi Dameon,

Yes, I know that part of those capabilities are part of the SandBlast Agent Forensics.

However, I was looking for some of these reporting capabilities on the gateway side, since this is probably being offered by Cisco competition on their AMP solution and the project doesn't involve an endpoint protection solution.